Microsoft Pulls XP Support

Thousands of industrial systems will be affected as they begin to go without security updates or technical support. Microsoft pulled its support for Windows XP officially on April 8, 2014. The company advised users to migrate to a current OS, as XP systems will no longer be protected. Unfortunately, XP is the most widely used industrial automation OS.

It’s not as if there wasn’t notice; it’s actually been years since Microsoft announced that support would cease in April 2014. Larger companies have likely migrated to new systems as their IT departments are typically well prepared for these events. It’s the smaller, IT-less company, however, where there may be challenges, especially on the security and virus front.

XP has been on the market for a dozen years and is the longest-supported Windows OS.

Obviously, there are a few choices: buy a new PC, move data via Laplink (a data migration solution with step-by-step instructions), move to Windows 8.1, and plan to either create or outsource an IT effort.

Without security updates to protect systems from attacks, ultimately, you’re the proverbial sitting duck. Such threats are becoming common in industrial automation equipment using Windows XP, industrial PCs, and distributed control systems.

In an advisory, information/analysis provider IHS stated that it doesn’t think pulling XP support will affect that many companies. The ones that are the most vulnerable likely have other vulnerabilities besides XP, especially if they lack an internal IT effort. These are the companies that consider security to be a matter of installing firewalls. And while the loss of XP in itself would probably not expose them any more than they have been, given their inadequate attention to security, don’t you think the number of attacks will increase, since the XP situation provides a playground that hackers just won’t be able to resist?

— Carolyn Mathas is a freelance blogger and editor for EE Times's Industrial Control Designline

Throughout the 90s, I was an advocate of OS/2 - an operating system that looked like a Windows-for-Workgroups 3.11 on steroids in its 1.1 revision (ca. 1990) and then later in its Warp series, a different thing altogether. In the 90s, many if not most ATMs used OS/2 Warp 2 or Warp 3. In the early 'aughts, IBM quietly discontinued the use of OS/2 and ATMs have been running XP or some variant ever since.

I don't see why such a smooth transition couldn't take place once again. I think the ATM argument is moot and pointless.

Thanks, Olaf, for clarifying. I'm not so worried about ATMs at the moment but all the XP systems that are still running in critical applications like the power grid and the military. Granted, there are some apps that don't run in W8 nor W7, maybe not even Vista (which is supported to 2017) but for the rest, what's the excuse? It's not like it happened overnight, there was a two-year warning prior to the April 8 close.

Separate networks for financial transactions JUST FOR THE PURPOSE OF SECURITY? Sounds like a reasonable approach in a country like Germany which values the "technically correct" way of doing things. But here in the US you've got to remember the financial industry is run by super-cost-conscious "technophobes" who have allowed us to get probably something like 15 years behind in such basic security technologies as chip-and-PIN credit cards (which are still almost unheard of here). And there was something reported about banks paying for XP support and I'm NOT really sure which version of XP the ATMs commonly use, but it surely was whatever they could get their hands on the cheapest at the time. No, there won't be any money spent to "improve ATM security" until articles about ATM hacking start showing up in the papers here regularly...we're pretty much doomed to that future already it seems!

As far as I know, ATMs use 'WinXP Embedded' and this version is supported by Microsoft until 2016. Thus, there should be enough time to upgrade the systems. Furthermore, I think, ATMs have no internet connections because the finance institutes have their own network. At least here in Germany this should be the case.

According to some sources, 420,000 automated teller machines (ATMs), or roughly 75% of them, still use XP, and since the hardware they're built on dates back to the era when dinosaurs roamed the earth (or so it seems), even upgrading them to a more modern generation of Windows isn't even an option. It also seems as if the banks that own these machines either don't understand Linux or don't appreciate that using Linux in clients is just as secure as when it is used in servers, so at least some of them have signed on to special "XP maintenance contracts" that Redmond apparently offers. I guess this means we can look forward to many more Target-like "horror stories" about hackers persuading ATMs to disgorge endless waves of twenty-dollar bills over sidewalks everywhere, what fun!